Billions of user accounts have been breached since 2004 — here's what to do if you think you're one of them

An image of network security icons for a network encircling a digital blue earth.
(Image credit: Shutterstock) (Image credit: Shutterstock)

It appears that data breaches are increasing at a worrying rate, with the first quarter of this year being particularly bad.

A new report from VPN firm Surfshark has found breached accounts increased fivefold globally in Q1 2024, compared to Q3 last year; in real terms, this is a jump from 81 million accounts to 435 million. 

Put another way, 627 accounts were breached every minute on average in the last quarter of 2023, whereas in the first quarter of this year, that figure rose to 3,353 accounts every minute; 5% of the world had their accounts breached. 

Global results

The US, China, and Russia lead the way as the most breached countries this year so far. Surfshark also found that since 2004, when it began monitoring these events, over 17 billion accounts have been breached globally in total, with roughly 6.5 billion of them having unique email addresses.

Out of the 17 billion accounts leaked over the past two decades, 38% of them had unique email addresses. Surfshark also found that 60.9 billion data points have been exposed, with American and Russian accounts being the most prominent examples.

As for Europe, the continent made up 30%, equating to 5.1 billion accounts (this includes Russia, which made up half of this figure). North America follows at 20%, and Asia at 15%. Other regions made up 7% of the total breaches found, and 28% "remain unknown."

The US is the most breached country since 2004, with 3 billion accounts leaked. Russia follows with 2.4 and China with 1.1. France was fourth with 521.5 million, then Germany with 486.7 million. The rest were Brazil (354.2), UK (321.9), India (320.5), Italy (266.8) and Canada (213.8). 

But when it comes to the number of breached accounts per resident, Russia is highest with 16.8 million, followed by the US with 9 million. The rest are South Sudan (8.1), France (8.1), Czechia (6.1), Singapore (5.8), Germany (5.8), Canada (5.5), Australia (5.3), The UK (4.8) and Portugal (4.7). 

Surfshark notes that people often use the same email for multiple accounts, meaning a single email or account can be breached more than once at different times, hence the high breach numbers they found. 

It also claims that when an email account is breached, users can fall victim to phishing attacks and identity theft. A spokesperson for Surfshark said, "we urge everyone to remain vigilant, create strong passwords, refrain from reusing them, and exercise caution when sharing personal information online."

It advises users that if they suspect their data or email has been breached (which they can do via free services like Have I Been Pwned?), they should change their passwords immediately, set up two-factor authentication (2FA) where possible, scan for malware on their device, and look out for suspicious emails and phone calls. They should also contact their bank if they think financial information has been leaked.   


Lewis Maddison
Reviews Writer

Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, having spent over a decade exploring the murky depths of both PC building and music production. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.